1003 PDT MARY MCRAE ANNOUNCES THAT THE KMIP TC

1003 PDT MARY MCRAE ANNOUNCES THAT THE KMIP TC
MICHAEL GLENNY1 LINDSAY MCRAE2 PAUL WYLLIE2 THIERRY DARDE2 1BP





10:03 PDT Mary McRae announces that the KMIP TC is now "officially" formed with Bob Griffin & Tony Nadalin as co-chairs

Attendance is attached @ the bottom of the document:

Mary notifies the group about the following OASIS policies:

  1. IPR (RF on RAND)

  2. TC Process

  3. Observer status

  4. Voting rights

All work should be done on OASIS hosted servers to ensure openness since email archives are always publically accessible.

Mark (HP) talks about the charter

Cryptographic devices should be added to the class of devices (this is implicit)

Out of scope list:

Should also include the fact that security assurances are not part of the spec, Need clarity around where the standard starts and where it ends – essentially the boundary

In the absence of further comments, the charter is considered approved.

Q) What is the process for ensuring compatibility (ongoing plug fests and test beds?)

Bob Griffin’s response: More with vendor attestation (vendor affirms that they are in compliance with version X.XX of the specification) and informal so far, but we might need to host formal plug fests as things progress on.

Motion #1: Bob Griffin makes the following motion “Accept documents from each of the co-authors as seed material for the OASIS KMIP TC”, Landon Noll seconds

Motion passes by unanimous consent





Liaisons with other groups

Tony asks for the list of groups we need to interface with:

  1. IEEE 1619.3

    1. Landon makes and Benjamin seconds the following motions:

      1. Motion #2 “Move to accept a liaison with IEEE P1619.3”

      2. Motion #3 “Move to nominate Matt Ball as the liaison”

Hearing no objections, these motions are passed.

  1. OASIS EKMI

  2. TCG

    1. Storage

    2. Infrastructure

  3. IETF KeyProv

  4. ANSI X9F

  5. SNIA –

    1. SSIF (storage security industry forum)

    2. Security TWG

Does a liaison create a legal obligation? – Dee says “Liaison does not create any legal obligations from OASIS, but just enhances co-operation between the two entities”

Tony makes motion #4 to approve liaisons with groups 2-6. Bob Lockhart seconds

Any objections besides Landon Noll’s abstention

Tony amends motion #4 to exclude OASIS EKMI from the list and Bob seconds the update

No objections – motion passes

Tony makes motion #5 to add a liaison to OASIS EKMI, Bob L seconds, Landon abstains

No objections – motion passes with Landon’s abstention.

EKMI liaison – Tony makes motion #6 to nominate Benjamin as the liaison, Bob L seconds

Hearing no objections but an abstention from Landon this motion passes.

TCG – Storage – Motion #7 Landon nominates Walt as the liaison, Bob L seconds

Hearing no objections, motion passes

TCG – Infrastructure – Motion #8 Scott Rotondo nominates Wyllys Ingersoll as the liaison and Bob G seconds

Hearing no objections, motion passes

IETF – KeyProv: Motion #9 Benjamin moves to table this at this time

ANSI X9F – move to table, motion passes

SNIA – SSIF – Bob G nominates Gordon & Bob L seconds

Hearing no objections, motion passes

SNIA – Security TWG – Bob G nominates Larry & Brandon seconds

Hearing no objections, motion passes

AI: Tony N to send guidelines on participation to liaisons.

Bob G nominates Subhash as secretary & Benjamin seconds

Matt objects and asks we defer this decision until next week

Bob G withdraws his motion and moves to table

Tony makes motion #10 that we nominate editors (taking existing documents and putting them into OASIS templates), Bob L seconds

Hearing no objections, motion passes

Bob G asks if anyone would like to volunteer for editors.

Bob G makes motion #11 to nominate Robert Haas as editor for KMIP core specification, Bob L seconds

Mark makes motion #12 to nominate Indra as editor for KMIP core specification, Bob L seconds

Hearing no objections, both motions pass

Bob G makes motion #13 to nominate Indra as editor for Usage guide, Bob L seconds

Hearing no objections, motion passes

Bob G makes motion #14 to nominate Robert Haas as editor for use case doc, Bob L seconds

Hearing no objections, motion passes

Asking for volunteers to maintain the KMIP website (FAQ website)

John makes motion #15 to nominate Kevin, Bob L seconds

Hearing no objections, motion passes

Tony makes motion #16 to make 11:00 AM ET Thu as the weekly meeting slot

Tony amends motion to noon EDT, 2 objections

Tony withdraws amendment and goes back to 11 AM ET for 60 minutes, Marc H seconds

Landon makes substitute motion to move weekly meeting to Noon ET on Thursday

Substitute motion did not pass (17 (N), 4 (Y), 12(A))

Original motion passes (21 (Y), 3 (N), rest abstain)

Notes from discussion session:

  1. Byte Alignment (normative)

  2. Alternative Register operation (normative)

  3. Alternative trust establishment (KeyProv – DSKPP, RSA stuff) (normative)

  4. Common key naming schemes (across device types) – informative text might be needed

  5. How to incorporate vendor specific extensions – informative / usage guide and not normative

  6. Client => Server interop testing

  7. Informative presentation about .3

  8. How the two protocols (.3 & KMIP) can mesh together

  9. Mapping the KeyProv PSKC to the KMIP key block

  10. List the required key derivation mechanisms

  11. Supported / mandatory key wrapping mechanisms

  12. List the mandatory vs optional components

  13. Clarification on attribute encoding as they are xmitted over the wire (walk thro the various encoding mechanisms)

  14. Have an open source reference client implementation

  15. Perform a threat analysis of the over the wire protocol

  16. Compliance related issues?

  17. Conformance model

Q) What is the list of doc formats that need to be supported (Word (which version), PDF, ODF, HTM

Agenda for April 30th meeting:



Interop Testing



Bob G to send instructions on how to obtain access to the interop servers

Results of the interop testing MUST remain confidential



Conformance model

There are no real conformance requirements that are imposed on clients.

On the server side, it has a minimum set of core functionality that it MUST implement (transport, mandatory operations, ALL server => client operations are optional)



A future meeting should discuss the various conformance criteria that we might want addressed.



Potential end of june timeframe for a F2F meeting to discuss various issues including interop testing.



3:04 PDT – meeting adjourned.





Action Items

  1. Liaison to ANSI X9F – Bob G / Tony N

  2. Tony N to send guidelines on participation to liaisons.

  3. Bob G to send instructions on how to obtain access to the interop servers

  4. Matt Ball to come up with a byte ordering proposal.

  5. Robert Haas & Indra Fitzgerald to update existing documents with the OASIS template by April 30th.

  6. Bob G to send a proposal on trust establishment by April 30th

  7. Stan to submit a proposal on key naming schemes

  8. Scott Kipp to submit a proposal on application specific identifiers

  9. Bob L to submit a 1619.3 => KMIP mapping

  10. Bob G to schedule a discussion about conformance criteria (Client & Server)

  11. Robert Haas to make edit the KMIP specification to clarify certain issues

  12. Kevin Bocek has volunteered to update the FAQ section of the KMIP website.



List of voting members that attended:

Matthew

Ball

Sun Microsystems

Elaine

Barker

NIST*

Peter

Bartok

Venafi, Inc.

Tom

Clifford

Symantec Corp.*

Stan

Feather

Hewlett-Packard*

Indra

Fitzgerald

Hewlett-Packard*

Alan

Frindell

SafeNet, Inc.

Judith

Furlong

EMC Corporation

Jonathan

Geater

Thales e-Security

Robert

Griffin

EMC Corporation

Robert

Haas

IBM

Thomas

Hardjono

M.I.T.

Marc

Hocking

BeCrypt Ltd.

Larry

Hofer

Emulex Corporation

Walt

Hubis

LSI Corporation

Wyllys

Ingersoll

Sun Microsystems

Glen

Jaquette

IBM

Scott

Kipp

Brocade Communications Systems, Inc.

David

Lawson

Emulex Corporation

Robert

Lockhart

Thales e-Security

Shyam

Mankala

EMC Corporation

Upendra

Mardikar

PayPal Inc.

Marc

Massar

Individual

Anthony

Nadalin

IBM

Landon

Noll

Cisco Systems, Inc.*

Rob

Philpott

EMC Corporation

Will

Price

PGP Corporation

Bruce

Rich

IBM

Subhash

Sankuratripati

NetApp

Mark

Schiller

Hewlett-Packard*

Servesh

Singh

EMC Corporation

Sandy

Stewart

Sun Microsystems

Marcus

Streets

Thales e-Security

Benjamin

Tomhave

Individual

Paul

Turner

Venafi, Inc.

Rod

Wideman

Quantum Corporation

Steven

Wierenga

Hewlett-Packard*

Krishna

Yellepeddy

IBM



NOTE: ‘*’ besides some companies is an artifact of the Kavi system being used and is meaningless.

Non-voting members that attended:

Gordon

Arnold

IBM

Graydon

Dodson

Lexmark International Inc.

Brandon

Hoff

Emulex Corporation



Observers that attended:

Chris

Dunn

SafeNet, Inc.

Brian

Tokuyoshi

PGP Corporation

Daniel

Wong

Oracle Corporation

John

Mason

Microsoft

Santosh

Chokhani

Entrust

Jon

Callas

PGP

Kevin

Bocek

Thales

John

Tattan

??










Tags: announces that, announces, mcrae